Microsoft releases 59 fixes this month including 2 Critical Threats and 2 with CVSS Score of 9.0 or Above
We also have 57 Important severities fixed covering Microsoft Windows, Windows Components, Office, Azure, .NET Framework, Visual Studio, SQL Server, Windows Hyper-V & Skype for Skype Windows.
Robert Brown, Head of Customer Success for Syxsense said, “March is a very light month for patching, with no Weaponised or Public Aware Threats. You still must prioritise what you are vulnerable for, as some of these Threats carry the Jump Point threat. If you count all the individual CVSS scores together, March has a combined CVSS score of 447.8 where the average CVSS score was 7.6 which is just down on last month’s median score of 7.5.”
Based on the Vendor Severity & CVSS Score, we have made a few recommendations below. As usual we recommend our customers enter the CVE numbers below into your Patch Management solution and deploy as soon as testing is complete.
CVE-2024-21407 – Windows Hyper-V Remote Code Execution Vulnerability
This vulnerability would require an authenticated attacker on a guest VM to send specially crafted file operation requests on the VM, to hardware resources on the VM which could result in remote code execution on the host server.
This bug allows a remote attacker to execute arbitrary code on the system.
Syxscore
- Vendor Severity: Important
- CVSS: 8.1
- Weaponised: No
- Public Aware: No
- Countermeasure: No
Risk
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope / Jump Point: Unchanged / No
CVE-2024-21334 – Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
Customers running affected versions of SCOM (System Center Operations Manager) should update to OMI version 1.8.1-0. The vulnerability allows a remote attacker to compromise vulnerable system.
Syxscore
- Vendor Severity: Important
- CVSS: 9.8
- Weaponised: No
- Public Aware: No
- Countermeasure: No
Risk
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope / Jump Point: Unchanged / No
CVE-2024-21400 – Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
An attacker who successfully exploited this vulnerability could steal credentials and affect resources beyond the security scope managed by Azure Kubernetes Service Confidential Containers (AKSCC).
Syxscore
- Vendor Severity: Important
- CVSS: 9.0
- Weaponised: No
- Public Aware: No
- Countermeasure: No
Risk
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope / Jump Point: Changed / Yes
| Reference | Description | Vendor Severity | CVSS Score | Weaponised | Publicly Aware | Additional Details | Impact | Exploitability Assessment |
| CVE-2024-21407 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 8.1 | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-21408 | Windows Hyper-V Denial of Service Vulnerability | Critical | 5.5 | No | No | Denial of Service | Exploitation Less Likely | |
| CVE-2024-21334 | Open Management Infrastructure (OMI) Remote Code Execution Vulnerability | Important | 9.8 | No | No | Customers running affected versions of SCOM (System Center Operations Manager) should update to OMI version 1.8.1-0. | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-21400 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | Important | 9.0 | No | No | Scope = Changed, Jump Point = True
An attacker who successfully exploited this vulnerability could steal credentials and affect resources beyond the security scope managed by Azure Kubernetes Service Confidential Containers (AKSCC). |
Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-21411 | Skype for Consumer Remote Code Execution Vulnerability | Important | 8.8 | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-21435 | Windows OLE Remote Code Execution Vulnerability | Important | 8.8 | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-21440 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-21441 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-21444 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-21450 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-21451 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-26159 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-26161 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-26162 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-26164 | Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-26165 | Visual Studio Code Elevation of Privilege Vulnerability | Important | 8.8 | No | No | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2024-26166 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-26198 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-21330 | Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2024-21418 | Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2024-21426 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 7.8 | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-21431 | Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability | Important | 7.8 | No | No | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2024-21434 | Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-21436 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2024-21437 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely |
| CVE-2024-21442 | Windows USB Print Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-21446 | NTFS Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-26169 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-26170 | Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Elevation of Privilege | Exploitation More Likely | |
| CVE-2024-26173 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-26176 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-26178 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-26182 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely |
| CVE-2024-26199 | Microsoft Office Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-21419 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 7.6 | No | No | Scope = Changed, Jump Point = True
The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. |
Spoofing | Exploitation Less Likely |
| CVE-2024-21392 | .NET and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | Denial of Service | Exploitation Less Likely | |
| CVE-2024-21421 | Azure SDK Spoofing Vulnerability | Important | 7.5 | No | No | Spoofing | Exploitation Less Likely | |
| CVE-2024-21427 | Windows Kerberos Security Feature Bypass Vulnerability | Important | 7.5 | No | No | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2024-21438 | Microsoft AllJoyn API Denial of Service Vulnerability | Important | 7.5 | No | No | Denial of Service | Exploitation Less Likely | |
| CVE-2024-26190 | Microsoft QUIC Denial of Service Vulnerability | Important | 7.5 | No | No | Denial of Service | Exploitation Less Likely | |
| CVE-2024-26204 | Outlook for Android Information Disclosure Vulnerability | Important | 7.5 | No | No | Information Disclosure | Exploitation Less Likely | |
| CVE-2024-21443 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.3 | No | No | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2024-26203 | Azure Data Studio Elevation of Privilege Vulnerability | Important | 7.3 | No | No | The attacker would gain the rights of the user that is running the affected application. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-21390 | Microsoft Authenticator Elevation of Privilege Vulnerability | Important | 7.1 | No | No | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2024-21432 | Windows Update Stack Elevation of Privilege Vulnerability | Important | 7.0 | No | No | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2024-21433 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.0 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely |
| CVE-2024-21439 | Windows Telephony Server Elevation of Privilege Vulnerability | Important | 7.0 | No | No | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2024-21445 | Windows USB Print Driver Elevation of Privilege Vulnerability | Important | 7.0 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-21429 | Windows USB Hub Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-26201 | Microsoft Intune Linux Agent Elevation of Privilege Vulnerability | Important | 6.6 | No | No | This vulnerability could allow an attacker to view potentially restricted information inside of a custom compliance script and tamper with the results of the scripts, but does not allow the attacker to make any other parts of the Intune service unavailable | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-26185 | Windows Compressed Folder Tampering Vulnerability | Important | 6.5 | No | No | Tampering | Exploitation More Likely | |
| CVE-2024-26197 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important | 6.5 | No | No | Denial of Service | Exploitation Less Likely | |
| CVE-2024-21430 | Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability | Important | 5.7 | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-20671 | Microsoft Defender Security Feature Bypass Vulnerability | Important | 5.5 | No | No | An authenticated attacker who successfully exploited this vulnerability could prevent Microsoft Defender from starting. | Security Feature Bypass | Exploitation Less Likely |
| CVE-2024-26160 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | Information Disclosure | Exploitation More Likely | |
| CVE-2024-26174 | Windows Kernel Information Disclosure Vulnerability | Important | 5.5 | No | No | Information Disclosure | Exploitation Less Likely | |
| CVE-2024-26177 | Windows Kernel Information Disclosure Vulnerability | Important | 5.5 | No | No | Information Disclosure | Exploitation Less Likely | |
| CVE-2024-26181 | Windows Kernel Denial of Service Vulnerability | Important | 5.5 | No | No | Denial of Service | Exploitation Less Likely | |
| CVE-2024-21448 | Microsoft Teams for Android Information Disclosure Vulnerability | Important | 5.0 | No | No | Information Disclosure | Exploitation Less Likely |
